Quote of the Day – Bruce Schneier (8/26/2014)

The White House is refusing to release details about the security of healthcare.gov because it might help hackers. What this really means is that the security details would embarrass the White House.

Bruce SchneierSecurity by Obscurity at Healthcare.gov Site
August 26th, 2014


[I have nothing else to add. -B]

 

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do it’s thing.

Beware of the Snake Oil

So browsing through my FB feeds this morning I saw this “paid advertisement.”

Screen Shot 2014-08-13 at 7.15.30 AM

I all the sudden felt a recon red team exercise coming on. I go head and click on over to the website. There was a lot of snake oil in that page and as someone who understands this crap from a system’s perspective, any time you use wireless there are serious possibilities for remote vulnerabilities or exploits. So when I saw this line, my bull crap meter red lined.

Old wired technology. Traditional alarm companies want to put wires in your walls, because they know that ripping their wires out is hard and expensive.

On that above quote, let me tell you, removing wires is not that difficult. It’s called a pair of dykes, knife, spackle, and paint.  I can “remove” that wire in about 5 minutes for about 15 bucks. Actually I can remove every wire associated to any alarm system.  Hell if it’s actually dropped into an electrical box, just put a blank cover plate on it for like 10 cents.

Don’t get me wrong, I love the concept and give it two thumbs up from that stand point and for most burglars this will probably be fine, until someone makes an App that turns off, disables, or denies service to any SimpliSafe system. Given the sensors communicate wirelessly with a central base station, this seems not only possible, but very within the realm of possibility.

Further as it’s a wireless system said app can now tell me which homes have something inside that they feel the need to protect using a system that I am now capable of disabling.

As I said above, great concept but if one thing as an engineer has taught me, especially with some time in product development, I have never seen someone come in with an idea and really consider security and take it serious from the start. It’s always an afterthought and treated like a bug. Even more than that, wireless is often thrown around like a buzzword as if it’s somehow better just because.  There are serious benefits to wireless but like everything it’s a trade-off.

If I had extra time now I’d totally pick up a system to beat the crap out of. My advice, it’s probably better than a poke in the eye with a sharp stick but eventually it will be the equivalent of painting an invisible radiating target on your house. For the most part you’re not protecting your house from people like me which is the one saving grace. That said, this will be a joke to any determined attacker for the reasons outlined above.

If they want to send me a system to evaluate, seriously not asking cause my time is precious right now, I’m more than happy to withdraw my basic observations above should they be proven wrong.

*Again I haven’t actually dug into said product, this is based on a review of their site literature and advertising. I am merely providing this as an educational service and food for thought. If you’re from SimpliSafe and feel epic butt-hurt from the above, contact me and we can chat about it.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do it’s thing.

Quote of the Day – Ry Jones (2/24/2014)

In WireShark I trust.

Ry JonesThere is no evidence to support that claim.
February 24th, 2014


[Yup.  As a geek this kicked over my giggle box.  Doubly so since I've been in that same position.

Well I don't care what you say, WireShark shows no traffic related to X when you're process is running.  So you're craps broken, deal with it!

I've noticed it is a unique individual who will just willingly admit, "Yup I screwed up, give me a couple minutes so I can fix that." Most of the time people are more interested in saving face and making themselves not look bad.

I find it better to look good by admitting my mistake and fixing the problem, but that's just me.  -B]

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do it’s thing.

This made me laugh…

I was about to just straight up bit bucket this thing but decided to at least take a look since all I saw was the name when I glanced on my phone.  I’m glad I did because I needed a good laugh.

From: Amy <[email protected]>
Subject: ATTENTION the-minuteman.org OWNER!!!

Message Body:
Hello the-minuteman.org owner,

My name is Amy and I am a private investigator with 20 years of experience. PLEASE READ THIS MESSAGE SERIOUSLY! While browsing the internet just now, I found out there are some people talking BAD about your website the-minuteman.org at a few online forums and Facebook groups. They are creating Bad Reputation about your website the-minuteman.org! They even say the-minuteman.org is a big liar and many people had believed them!

I decided to capture some screen shots of their activities and make it into a FREE report for you.

Please download the report that I made for your website the-minuteman.org here : [link removed for safety]

Your contact form does not allow file upload, so I uploaded it into a free file hosting site called cleanfiles.net, they host files for free so you are required to complete a short survey before downloading your report.

Take a look into this matter RIGHT NOW! Download your report here : [link removed for safety]

P/S: I am just trying to help. If you DON’T CARE about your REPUTATION you can ignore my message.

Amy.


This mail is sent via contact form on The Minuteman http://www.the-minuteman.org

Obviously you’re not familiar with me or this website.  I am well known and take pleasure in the idea that some people hate me.  I’m well aware of people writing bad things about me on the internet.  I just make sure when I find it I return the favor.

I’m reasonably sure Amy that my reputation with those I actually respect is quite well intact.  In the words of Winston Churchill:

You have enemies? Good. That means you’ve stood up for something, sometime in your life.

Thanks for confirming I’ve done my job.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do it’s thing.

Quote of the Day–Me* 6/12/2013

Good lord, that a lot of porn.  How could the NSA categorize it and make sure they have everyone’s kinks right?

Barron – Conversation

June 12th, 2013


[For context I read this article this morning which had this note in it:

Considering that, according to Cisco, the total world Internet traffic for 2012 was 1.1 exabytes per day…

My immediate thought was that was a whole lot of porn and bitching across the internet.  I then someone asked me why I said wow.  To which I informed them of the 1.1 exabyte estimate and immediately followed it with the quote above… It seems the prudent comment to make.

If you don’t understand why I would think that would be a prudent comment to make, I give you:

–B

*It’s my blog and I can quote myself if I damn well please!]

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do it’s thing.